Security vulnerabilities in DNS and measures to prevent them

Discuss the types of security vulnerabilities in DNS and what measures are taken to prevent them. (5 Marks)

DNS is highly vulnerable to attacks and spoofing. An intruder can intercept virtually all requests to translate names to IP addresses, and supply the address of a subverted machine instead; this would allow the intruder to spy on all traffic, and build a nice collection of passwords if desired.

 

IP spoofing attacks can be prevented to an extent. Ssh provides an improved type of authentication. The server has a list of host keys stored in /etc/ssh_known_hosts, and additionally each user has host keys in $HOME/.ssh/known_hosts. Ssh uses the name servers to obtain the canonical name of the client host, looks for its public key in its known host files, and requires the client to prove that it knows the private host key. This prevents IP and routing spoofing attacks.

rlogin and rsh permit ordinary users to extend trust to remote host/user combinations. In that case, individual users, rather than an entire system, may be targeted by source routing attacks. The information required for this attack is the target hostname, the trusted hostname and the user name, which are obtained by the "finger" command.

The attack is done as below:

In spoofing, a host or application mimics the actions of another. The attacker pretends to be an innocent host by following IP addresses in network packets. Against the rlogin service, this method can be used to mimic a TCP connection from another host by guessing TCP sequence numbers.

 

These attacks can be prevented by:

· Prevent datagram routing with invalid source addresses.

· Introduce unpredictability into connection control mechanisms, such as TCP sequence numbers and the allocation of dynamic port addresses.

· Have rsh/rlogin do a forward lookup along with the reverse lookup.

 

Allowing the forward lookup creates a problem called "poisoning the cache", where the attacker sends an unsolicited record along with the PTR record (PTR: a pointer to another part of the domain name space).

This attack can be defeated by rejecting the record that arrives along with the PTR record.
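
The last two points, as an added example that is not part of the original answer: a toy resolver model in Python showing that a reverse-only check trusts a forged PTR, that adding the forward lookup still fails if the resolver caches the record sent along with the PTR answer, and that the check holds once that record is rejected. The `Resolver` class, the zone tables and all names and addresses are constructed for illustration.

```python
# Constructed toy DNS data. 203.0.113.7 is the spoofing client: it controls its
# own reverse (PTR) zone, but not the forward zone for trusted.example.com.
FORWARD_ZONE = {"trusted.example.com": {"192.0.2.10"}}
PTR_ZONE = {"192.0.2.10": "trusted.example.com",
            "203.0.113.7": "trusted.example.com"}        # forged PTR
# Unsolicited A record the spoofer's name server attaches to its PTR answer.
EXTRA_WITH_PTR = {"203.0.113.7": {"trusted.example.com": {"203.0.113.7"}}}


class Resolver:
    """Hypothetical caching resolver; accept_extra toggles the weak behaviour."""

    def __init__(self, accept_extra):
        self.accept_extra = accept_extra
        self.cache = {}                       # name -> set of addresses

    def reverse(self, ip):
        name = PTR_ZONE.get(ip)
        extra = EXTRA_WITH_PTR.get(ip, {})
        if self.accept_extra:                 # poisoning: cache what was not asked for
            self.cache.update(extra)
        return name                           # hardened mode drops `extra` entirely

    def forward(self, name):
        if name not in self.cache:            # cache miss: ask the authoritative zone
            self.cache[name] = set(FORWARD_ZONE.get(name, ()))
        return self.cache[name]


def reverse_only(resolver, ip, trusted):
    """Weak check: trust whatever name the PTR record claims."""
    return resolver.reverse(ip) in trusted


def forward_confirmed(resolver, ip, trusted):
    """Reverse lookup, then forward lookup; the name must map back to ip."""
    name = resolver.reverse(ip)
    return name in trusted and ip in resolver.forward(name)


if __name__ == "__main__":
    trusted = {"trusted.example.com"}
    for ip in ("192.0.2.10", "203.0.113.7"):
        print(ip,
              "reverse-only:", reverse_only(Resolver(False), ip, trusted),
              "forward+poisoned cache:", forward_confirmed(Resolver(True), ip, trusted),
              "forward+extra rejected:", forward_confirmed(Resolver(False), ip, trusted))
```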
